Royal Bank of Canada Spoofed within Fresh Phishing Scam

According to researchers from GFI Labs, cyber-criminals have launched one phishing scam involving an e-mail purporting to be from RBC (Royal Bank of Canada).

The fake e-mail reportedly, pretends to be a notice about an update for customers' account security, yet it directs users for confirming the details of personal bank accounts by clicking on its "Validate" link.

However, on clicking, users are diverted onto a form, which solicits their social security numbers, usernames and passwords, GFI outlines.

In fact, the security company explains that similar to the majority of unsophisticated phishing attacks, the current phishing scam is somewhat odd, as "security updates" alternatively any "planned system maintenance" has no association with account validation.

Moreover, the composition of the campaign hardly reveals any sensible meaning, while the phishers responsible for the scam apparently just utilized phrases and terms, which tried making users to potentially follow the e-mail link.

Additionally, the online questionnaire or form provided too looks extremely suspicious since although there's the bank's official logo in it, the domain on which it is hosted is named "tipoco-gps" that bears no association with any banking institution.

Furthermore, there are certain web-links listed at the page's bottom, which connect with the real cache site, but apart from that there's virtually no other legitimate element.

The GFI researchers caution that once users provide all the requisite information the form asks for, the inevitable consequence they'll face is a drained bank account. For this reason, users require knowing about these attacks that are currently frequent, they argue. Softpedia.com reported this on October 21, 2011.

Additionally, the researchers emphasize that users must know that no lawful financial institution or bank similar to RBC within the above stated instance will ever solicit consumers' usernames and passwords over electronic mail; hence, any e-mail asking for such personal info is likely a rogue e-mail.

Conclusively, a phishing scam striking the Royal Bank of Canada isn't new. During September 2011, a spoofed electronic mail posing as communication from RBC, which experts spotted, told recipients that the expiration date of their client card nearly arrived so they must update their details.